package cn.tedu.system.user.controller;

import com.github.xiaoymin.knife4j.annotations.ApiOperationSupport;
import io.swagger.annotations.Api;
import io.swagger.annotations.ApiOperation;
import org.springframework.security.access.prepost.PreAuthorize;
import org.springframework.web.bind.annotation.GetMapping;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.RestController;
@Api(tags = "资源管理")
@RestController
@RequestMapping("/api")
public class ResourceController {

    @ApiOperationSupport(order = 1)
    @ApiOperation("公共资源")
    @GetMapping("/public/hello")
    public String helloPublic() {
        return "Hello from a public endpoint! You don't need to be authenticated to see this.";
    }

    /***
     * @PreAuthorize 注解描述的方法是一个鉴权切入点方法，
     * 当这个方法执行时会被Spring Security中的拦截器，拦截器拦截下来，然后
     * 调用AOP的通知方法，对用户进行鉴权操作，有权限则放行(授权)，没有权限则拒绝执行
     * @return
     */
    @ApiOperationSupport(order = 1)
    @ApiOperation("私有资源")
    @PreAuthorize("hasAuthority('sys:user:view')")
    @GetMapping("/private/hello")
    public String helloPrivate() {
        return "Hello from a private endpoint! You need to be authenticated to see this.";
    }

}
